Openly imposes significant limitations upon the collection of personal information. These limitations ensure that minimal personal information is collected about Openly users. Aside from data minimisation, Openly uses Amazon Cognito to manage user authentication. Every account has the option of enabling 2-factor authentication. Amazon Cognito supports encryption of data-at-rest and in-transit. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant. Openly also recently completed a full-scale penetration test using both blackbox and greybox methodology, and no point of unauthorised entry was obtained.